A new ransomware is attempting to extort money from companies as varied as a lingerie manufacturer and a parcel delivery service. The new ransomware, called Nefilim, threatens to leak a company's data in seven days if the company doesn't pay the ransom. While cybercriminals usually ask for Bitcoin, some new ransomware attacks request Amazon and iTunes gift cards.
Companies hit include Toll Group, a logistics company in Australia, and MAS Holdings, which manufactures lingerie for Victoria's Secret. Colorado's Parkview Medical Center was also hit, presumably with Nefilim ransomware. This is the second malware attack this year for the Toll Group, although the first one was not a Nefilim attack. The first attack was caused by Mailto malware, and the company publicly stated they will not pay another ransomware demand.
In a ransomware attack, cybercriminals encrypt files on infected systems, forcing companies to pay a ransom for a decryption key. If a company refuses to pay the ransom, the cybercriminals will sell the information on the dark web or use it to commit identity theft. They may also use it to send phishing emails to the company's customers.
Nefilim does not use Ransomware-as-a-Service (RaaS), which many novice cybercriminals use because it comes as a package and there's no need to code the malware. Nefilim uses email communications to collect ransom instead of a Tor payment site where the service provider, the coder and the cybercriminal often split the proceeds.
Ransomware attacks are down, but reports of organizations making large payments increase the likelihood that more ransomware attacks will occur. The local government of Jackson Co., Georgia, paid its attackers $400,000 after it was infected with the Ryuk ransomware strain. Lake City, Florida, paid $500,000 and Riviera Beach, Florida, paid $600,000. Many organizations don't announce they have paid the ransom, so it's likely the statistics concerning payments are on the low side.